Identity Security Evolves with Rise of AI Agents

The security landscape is undergoing a fundamental shift as organizations increasingly adopt AI agents and copilots. This new class of non-human identities presents both opportunities and challenges for cybersecurity professionals.

The Changing Nature of Identity

Identity has always been central to security, but the proliferation of AI agents means we need to rethink how we define and manage it. As Dustin Wilcox, CISO at S&P Global, notes: “Identity is now both a control surface and an attack surface. We’ve had non-human identities before, but agents represent a new category.”

Traditional identity verification methods based on human behavior (like keyboard telemetry) don’t apply to digital-native agents. This creates visibility gaps as CISOs struggle to track how many agents exist, what they’re authorized to do, and how they’re being used.

Key Tenets for Modern Identity Security

According to Michael Adams, CISO at DocuSign, CISOs should focus on these principles:

  1. Build a strong foundation first: Prioritize clean directories, least privilege access controls, and reliable offboarding processes before implementing advanced solutions.
  2. Design specifically for non-human identities: Avoid carrying over legacy permission structures—start from the principle of least privilege.
  3. Take inventory of all non-human identities: Track who manages each identity and what it’s authorized to access.
  4. Treat MFA as a baseline: Implement phishing-resistant alternatives beyond SMS or push notifications.
  5. Embrace continuous verification: Move from point-in-time checks to ongoing validation of access rights

Addressing New Risks

AI is also expanding the attack surface through:

  • More convincing social engineering: Generative AI makes phishing attacks harder to detect.
  • Rapid credential proliferation: Automated systems create new credentials and tokens faster than manual processes can track.
  • Behavioral signal degradation: Traditional indicators become less reliable as agents handle more digital interactions

The Future of Identity Security

As AI becomes integrated into core business functions, identity will serve as the primary control plane for access decisions. By adopting an identity-centric security architecture, organizations can better manage this new frontier while leveraging AI’s potential to enhance their defenses.